"H. S." <greatexcalibur@yahoo.com> writes:
> I was setting up my home network on Debian and noticed that there is
> not /etc/init.d/rc.iptables or some similar script (that used to be there
> when I had installed Woody and dist-upgraded to Sarge a few months
> ago).
I don't think the package maintainer thought that having iptables in
/etc/init.d was a good idea, and he might have removed it in Sarge.
Instead, put the following scripts in /etc/network/if-pre-up.d and
/etc/network/if-post-up.d (or /etc/ppp/ip-up.d and /etc/ppp/ip-down.d if
you are on a dialup):
######### iptables-up.ethX ###############
#!/bin/sh
# Restore the saved ruleset for the interface that is coming up.
# ifupdown (if-pre-up.d) exports the interface name as $IFACE, while
# pppd (ip-up.d) passes it as $1, so accept either.
IPTABLES=/sbin/iptables
SAVE=/sbin/iptables-save
RESTORE=/sbin/iptables-restore
RULES=/var/lib/iptables/iptables.${IFACE:-${1}}
# restore the rules; a non-zero exit here makes ifup abort, so the
# interface does not come up without its firewall
[ -r "$RULES" ] || { echo "$0: no ruleset file $RULES" >&2; exit 1; }
$RESTORE < "$RULES"
#########################################
######## iptables-down.ethX #############
#!/bin/sh
# Tear the firewall down when the interface goes away.
IPTABLES=/sbin/iptables
SAVE=/sbin/iptables-save
RESTORE=/sbin/iptables-restore
RULES=/var/lib/iptables/iptables.${IFACE:-${1}}
# save the rules first (disabled: uncomment to overwrite the saved
# ruleset with whatever is loaded when the interface goes down)
#$SAVE > "$RULES"
# flush and delete the nat table chains
$IPTABLES -t nat -F
$IPTABLES -t nat -X
# flush and delete the filter table chains
$IPTABLES -F
$IPTABLES -X
# reset the built-in chain policies to ACCEPT
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
#########################################
Now, change the /etc/network/interfaces file, so that when your network
connection goes up, these scripts get called. Or, if you are on a
dial-up, just copy them to /etc/ppp/ip-up.d or /etc/ppp/ip-down.d, and
they get called automatically.
--
John L. Fjellstad
web: http://www.fjellstad.org/ Quis custodiet ipsos custodes
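A fail-closed variant of the up-script from the reply above, added here as an example (it is not part of the original message): the saved ruleset is only loaded after iptables-restore has parsed it, and a minimal drop-by-default ruleset is installed when the file is missing or corrupt, so the interface never comes up with ACCEPT-everything policies. RULES_DIR, the fallback ruleset and the availability of `iptables-restore --test` are assumptions.

```shell
#!/bin/sh
# Example if-pre-up.d / ip-up.d hook (not from the original post).
# Paths mirror the post; RULES_DIR and the fallback ruleset are assumed.
RULES_DIR=${RULES_DIR:-/var/lib/iptables}
RESTORE=${RESTORE:-/sbin/iptables-restore}

# ifupdown exports IFACE; /etc/ppp/ip-up.d passes the interface as $1.
rules_file_for() {
    echo "$RULES_DIR/iptables.${1}"
}

# Minimal fallback in iptables-save format: allow loopback and replies
# to connections we opened, drop everything else inbound or forwarded.
fallback_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print "saved" if the file is readable and parses cleanly with
# "iptables-restore --test" (parse only, nothing committed), else "fallback".
choose_ruleset() {
    file=$1
    if [ -r "$file" ] && "$RESTORE" --test < "$file" 2>/dev/null; then
        echo saved
    else
        echo fallback
    fi
}

load_rules() {
    iface=${IFACE:-$1}
    file=$(rules_file_for "$iface")
    case $(choose_ruleset "$file") in
        saved)    "$RESTORE" < "$file" ;;
        fallback) logger -t iptables-up "no valid ruleset for $iface, using fallback"
                  fallback_ruleset | "$RESTORE" ;;
    esac
}

# Only act when invoked by ifupdown or pppd with an interface name.
if [ -n "${IFACE:-$1}" ]; then
    load_rules "$1"
fi
```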